CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44852
https://notcve.org/view.php?id=CVE-2024-44852
06 Dec 2024 — Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38921
https://notcve.org/view.php?id=CVE-2024-38921
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38922
https://notcve.org/view.php?id=CVE-2024-38922
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38923
https://notcve.org/view.php?id=CVE-2024-38923
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38924
https://notcve.org/view.php?id=CVE-2024-38924
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38925
https://notcve.org/view.php?id=CVE-2024-38925
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38926
https://notcve.org/view.php?id=CVE-2024-38926
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38927
https://notcve.org/view.php?id=CVE-2024-38927
06 Dec 2024 — Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41644
https://notcve.org/view.php?id=CVE-2024-41644
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41645
https://notcve.org/view.php?id=CVE-2024-41645
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •